During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
A system administrator identifies unusual network traffic from outside the local network. Which of the following
is the BEST method for mitigating the threat?
Which of the following attack vectors capitalizes on a previously undisclosed issue with a software application?
What are the two most appropriate binary analysis techniques to use in digital forensics analysis? (Choose two.)
A system administrator has been tasked with developing highly detailed instructions for patching managed assets using the corporate patch management solution. These instructions are an example of which of the following?
Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?
An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After
reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
Which of the following plans helps IT security staff detect, respond to, and recover from a cyber attack?
An employee discovered the default credentials in DB servers, which were found by using a word list of commonly used and default passwords in Hydra, the tool behind the Brute functionality. The use of the word list in Hydra is an example of what type of password cracking?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
What are three benefits of security logging and monitoring? (Choos)
Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?
Which of the following is considered a weakness or gap in a security program that can be exploited to gain unauthorized access?
An incident responder has collected network capture logs in a text file, separated by five or more data fields.
Which of the following is the BEST command to use if the responder would like to print the file (to terminal/ screen) in numerical order?
Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?
Which of the following technologies would reduce the risk of a successful SQL injection attack?
Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?
An incident response team is concerned with verifying the integrity of security information and event
management (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?
A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following
would be the BEST action to take to plan for this kind of attack in the future?
A security analyst needs to capture network traffic from a compromised Mac host. They attempt to execute the tcpdump command using their general user account but continually receive an "Operation Not Permitted" error.
Use of which of the following commands will allow the analyst to capture traffic using tcpdump successfully?
Which of the following sources is best suited for monitoring threats and vulnerabilities?
A government organization responsible for critical infrastructure is being attacked and files on the server been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)
What term means that data is valid and not corrupt?
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
Which service is commonly found on port 3306?
Which part of a proactive approach to system security is responsible for identifying all possible threats to a system to be categorized and analyzed?
An incident handler is assigned to initiate an incident response for a complex network that has been affected
by malware. Which of the following actions should be taken FIRST?
Detailed step-by-step instructions to follow during a security incident are considered:
A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of “armageddon.exe” along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?
A common formula used to calculate risk is:+ Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?
Which are successful Disaster Recovery Plan best practices options to be considered? (Choose three.)
Which term describes the process of collecting logs from many sources across an IT infrastructure into a single, centralized platform to be reviewed and analyzed?
If a hacker is attempting to alter or delete system audit logs, in which of the following attack phases is the hacker involved?
Which of the following represents a front-end security capability that addresses cyber resiliency?
An administrator investigating intermittent network communication problems has identified an excessive amount of traffic from an external-facing host to an unknown location on the Internet. Which of the following
BEST describes what is occurring?
The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)
What is baseline security?
In which of the following attack phases would an attacker use Shodan?
Which of the following security best practices should a web developer reference when developing a new web- based application?
According to SANS, when should an incident retrospective be performed?
Which two answer options correctly highlight the difference between static and dynamic binary analysis techniques? (Choose two.)
During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to
determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?
A security administrator needs to review events from different systems located worldwide. Which of the
following is MOST important to ensure that logs can be effectively correlated?
After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?
Which approach to cybersecurity involves a series of defensive mechanisms that are layered to protect valuable data and information?
During recovery from an incident, which three options should a company focus on? (Choose three.)
Which three of the following are included in encryption architecture? (Choose three.)
A company website was hacked via the following SQL query:
email, passwd, login_id, full_name FROM members
WHERE email = “attacker@somewhere.com”; DROP TABLE members; –”
Which of the following did the hackers perform?
Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
What kind of measures and controls are implemented when employees get assigned personal, unique badges when they join the organization, and they remain valid until the employee's last day of work?
Which of the following is a method of reconnaissance in which a ping is sent to a target with the expectation of receiving a response?
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?
When reviewing log files from a recent incident, the response team discovers that most of the network-based indicators are IP-based. It would be helpful to the response team if they could resolve those IP-based indicators to hostnames. Which of the following is BEST suited for this task?